/**
* Checks a raw password against an encoded password.
*
* @param string $encoded An encoded password
* @param string $raw A raw password
* @param string $salt The salt
*
* @return Boolean true if the password is valid, false otherwise
*/
public function isPasswordValid($encoded, $raw, $salt)
{
if (substr($encoded, 0, 2) == 'U$') {
// This may be an updated password from user_update_7000(). Such hashes
// have 'U' added as the first character and need an extra md5().
$stored_hash = substr($encoded, 1);
$raw = md5($raw);
} else {
$stored_hash = $encoded;
}
$type = substr($stored_hash, 0, 3);
switch ($type) {
case '$S$':
// A normal Drupal 7 password using sha512.
$hash = _password_crypt('sha512', $raw, $stored_hash);
break;
case '$H$':
// phpBB3 uses "$H$" for the same thing as "$P$".
// phpBB3 uses "$H$" for the same thing as "$P$".
case '$P$':
// A phpass password generated using md5. This is an
// imported password or from an earlier Drupal version.
$hash = _password_crypt('md5', $raw, $stored_hash);
break;
default:
return FALSE;
}
return $hash && $stored_hash == $hash;
}
/**
* Hash a password using a secure hash.
*
* @param $password
* A plain-text password.
* @param $count_log2
* Optional integer to specify the iteration count. Generally used only during
* mass operations where a value less than the default is needed for speed.
*
* @return
* A string containing the hashed password (and a salt), or FALSE on failure.
*/
function user_hash_password($password, $count_log2 = 0)
{
if (empty($count_log2)) {
// Use the standard iteration count.
$count_log2 = variable_get('password_count_log2', DRUPAL_HASH_COUNT);
}
return _password_crypt($password, _password_generate_salt($count_log2));
}
/**
* Hash a password for Drupal, by using Drupal's password.inc
* Set the relative location of your Drupal path, by setting
* this->cnf['DrupalLocation'] in your configuration file.
*
* @params $password Plaintext password
* @params $hashedpw Pre-hashed password from the Drupal DB
*
* @return String The hash of the password/pre-hash given
*
* @author Alex Shepherd <n00bATNOSPAMn00bsys0p.co.uk>
**/
function _hashPW($password, $hashedpw)
{
$drupalroot = $this->cnf['DrupalRoot'];
require_once $drupalroot . 'includes/password.inc';
if (!function_exists(_password_crypt)) {
msg("Drupal installation not found. Please check your configuration", -1, __LINE__, __FILE__);
$this->success = false;
}
$hash = _password_crypt('sha512', $password, $hashedpw);
return $hash;
}
